The client can telnet to the server's port but cannot ping the server's IP address, and the server itself cannot ping its own NIC IP or the loopback address

I. Firewall checks

1. Check the server's firewall status

# Checked locally on the server: the firewall is stopped, which rules out a firewall configuration problem
[root@server ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Apr 26 08:55:35 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Apr 26 08:55:36 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Apr 26 09:48:07 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Apr 26 09:48:09 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.

2. On the server itself, pinging its own NIC address and the loopback address fails in the same way

[root@server ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:13:29:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.14.211/24 brd 192.168.14.255 scope global noprefixroute ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe13:2939/64 scope link
       valid_lft forever preferred_lft forever

II. Kernel parameter checks

1. Check the kernel parameter that makes the kernel ignore ICMP echo packets; 1 means enabled, 0 means disabled

[root@server ~]# sysctl -a |grep net.ipv4.icmp
net.ipv4.icmp_echo_ignore_all = 1

2. Check the /etc/sysctl.conf file; the setting is indeed recorded there

[root@server ~]# cat /etc/sysctl.conf |grep -v ^#
net.ipv4.icmp_echo_ignore_all = 1

3. Edit net.ipv4.icmp_echo_ignore_all, changing 1 to 0
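
[root@server ~]# vi /etc/sysctl.conf
[root@server ~]# sysctl -p
net.ipv4.icmp_echo_ignore_all = 0

4. If net.ipv4.icmp_echo_ignore_all has already been removed from the configuration file but the kernel still reports the value as 1, rebooting the server is recommended. If you do not want to reboot, add the setting back to the configuration, change the value to 0, and then run sysctl -p.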
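
The comparison made in steps 1 to 4 of section II, as an added shell example that is not part of the original post: it reads the running kernel value and the value persisted in /etc/sysctl.conf, then names which of the cases above applies. The function names `persisted_value` and `verdict` and the verdict labels are hypothetical, chosen for this example.

```shell
#!/bin/sh
# Added example: audit net.ipv4.icmp_echo_ignore_all (runtime vs. config file).
KEY="net.ipv4.icmp_echo_ignore_all"

# Print the last uncommented value assigned to KEY in the given files.
# Prints nothing when the key is absent. Only the dotted key form is matched.
persisted_value() {
    cat "$@" 2>/dev/null | awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            k = $1; v = $2
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) last = v              # later lines override earlier ones
        }
        END { if (last != "") print last }'
}

# Classify the pair runtime ($1) / persisted ($2; empty when unset).
verdict() {
    case "$1:$2" in
        0:|0:0) echo "ok" ;;            # echo replies enabled now and after reload
        1:1)    echo "persistent" ;;    # steps 2-3: set the file to 0, run sysctl -p
        1:)     echo "runtime-only" ;;  # step 4: line removed, kernel still at 1
        1:0)    echo "not-applied" ;;   # file already 0, sysctl -p not yet run
        0:1)    echo "pending" ;;       # next sysctl -p or reboot re-enables ignoring
        *)      echo "unknown" ;;
    esac
}

# Read the live value straight from procfs; "?" if it cannot be read.
runtime=$(cat /proc/sys/net/ipv4/icmp_echo_ignore_all 2>/dev/null || echo "?")
# sysctl -p with no argument loads /etc/sysctl.conf, so that is the file checked.
persisted=$(persisted_value /etc/sysctl.conf)
echo "runtime=$runtime persisted=${persisted:-unset} verdict=$(verdict "$runtime" "$persisted")"
```

Pass additional files to `persisted_value` (for example drop-in files under /etc/sysctl.d) if the system loads settings from more than /etc/sysctl.conf.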